Global Internet Security Threat Landscape 2018...2018/08/28 · Global Internet Security Threat...
Transcript of Global Internet Security Threat Landscape 2018...2018/08/28 · Global Internet Security Threat...
Global Internet Security Threat Landscape 2018
ITU Workshop on Advanced Cyber Security Attacks and Ransomware
Thomas Hemker, CISSP, CISM, CISADirector Security Strategy, CTO Office - Symantec
Thomas Hemker, CISSP, CISM, CISA
23 Years IT-SecurityPGP
CTO OfficeCISO ContactpersonSpeaker, Author
ISF, TeleTrust, Bitkom, ENISAISACA, (ISC)2, HDG
Hamburg#THeSecurity(LinkedIn, XING, ResearchGate, noFB)
https://www.symantec.com/security-centerhttps://www.symantec.com/security_response/publications/monthlythreatreport.jsp@threatintel
Threats
Other
Network & Web
Ransomware
Advanced Malware
SpamMalicious Websites
Spear-Phishing attacks
Endpoints
Negligent Employee
Big Numbers
Some Key Findingso Cryptojacking Attacks Explode by
8,500 Percent
o Implanted Malware Grows by 200 Percent, Compromising Software Supply Chain
o Mobile Malware Continues to Surge
o Business-Savvy Cyber Criminals Price Ransomware for Profit
o Majority of Targeted Attackers Use Single Method to Infect Victims
Crypto Jacking Predictions
TARGETING
ORGANIZATIONS
Targeting of corporate
or organizational
networks in order to
harness the power of
servers or
supercomputers.
CLOUD HIJACKING
Cloud services offer
the possibility of high-
powered mining. This
has a possible
financial impact on
cloud customers
where they pay based
on CPU usage.
BOTNETS
Distributed mining,
either through
conventional botnets
of malware-infected
computers and IoT
devices or browser-
based coinminers,
hosted on websites.
Living off the Land
Definition: Living off the landOnly pre-installed software is used by the attacker and no additional binary executables are installed onto the system
Fileless AttacksMemory Only AttacksDual- Use ToolsTargeted Attack Groups
Supply Chain Attacks
Cybercrime Trends
RansomwareDetections stable at 1,242 per day in 2017 (-2%)Downloader detections increased by 92%46% increase in new ransomware variantsAverage ransom down to $522 from $1,070
Shift to other attacksTo coin mining e.g. VenusLocker shifted from ransomware to crypto miningTo financial Trojans e.g. Emotet activity increased by 2,000% in Q4
Internet Security Threat Report Volume 23 | Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only
Ransomware
• The advent of worm-type ransomware is a new and highly disruptive avenue of attack
• Businesses in particular are most at risk to worm-type threats, which can spread in minutes across poorly secured networks
• Infection numbers are continuing to trend upwards, powered by the WannaCry and Petya outbreaks
• Average ransom appears to have stabilized at $544, indicating attackers may have found their “sweet spot”
• The U.S. is still the country most affected by ransomware, followed by Japan, Italy, India, Germany, Netherlands, UK, Australia, Russia, and Canada
$0
$200
$400
$600
$800
$1,000
$1,200
2014 2015 2016 2017 (to date)
0
20
40
60
80
100
120
2014 2015 2016 2017 (to date)
Families
Ransom
34% - 64%
https://www.symantec.com/security-centerhttps://www.symantec.com/security_response/publications/monthlythreatreport.jsp@threatintel